Did I just fall for a phishing attempt?
May 25, 2006 2:44 AM
I spotted this housing post on Craigslist, and when I clicked on the link posted inside it, it sent me straight into the inbox of my Yahoo mail account. Was this a phishing attempt?
Because the Craigslist posting will inevitably be removed, the link "looked" (i.e. to the naked eye, without mousing over it) like this:
http://orangecounty.craigslist.org/roo/164188466.html
But when I held my mouse over it, I saw this:
http://mail.yahoo.com/config/login?/http://orangecounty.craigslist.org/roo/164188466.html
Unfortunately, I clicked on it without thinking. D'oh! I've deleted my Yahoo account, which I was barely using anyway.....but I'm still worried. Between the time that I clicked on it, and the time that I deleted my account, roughly 5-7 minutes passed. First I changed the password, but then my full-fledged paranoia kicked in and I went through Yahoo's procedure of making my account inactive. Could this person have seen or done anything involving my Yahoo account?
I don't know how Yahoo works, but it seems highly doubtful they'd have any sort of mechanism that sends out passwords to third parties.
The 'fake' link is still on the Yahoo domain, and the data is sent to a Yahoo domain as well.
I don't know what the extra parameter in the form of a URL does, though. It may be something useful. I hope something as stupidly simple as this is actually a security leak.
posted by Harry at 3:24 AM on May 25, 2006
I would think you're fine. You're still being sent to the Yahoo page, not some other page, so you haven't given your details to anybody.
posted by antifuse at 3:29 AM on May 25, 2006
No way in hell does Yahoo throw your password in the URL. You're safe.
posted by Civil_Disobedient at 4:28 AM on May 25, 2006
It appears that Yahoo Mail inserts the "http://mail.yahoo.com/config/login?/" part when viewing messages with URLs in your mailbox. Presumably this works fine when you click it from Yahoo Mail, but also presumably some people copy the URL wholesale and don't realize it's incorrect.
So it's actually an anti-phishing attempt gone haywire.
posted by trevyn at 5:17 AM on May 25, 2006
Phishing requires more than you clicking a link...phishing means they'd set up some sort of fake interface and get you to input your password/bank account #/SSN/etc. It was far too excessive to delete your entire account, even changing your password wasn't necessary...how could anyone have gotten your information? Clicking on a bad link magically sends your password to someone? Also, the fact that the extra text in the URL was yahoo.com and not freei-podz11332.ru should have also tipped you off that the URL was okay. All it did was redirect you to your inbox.
posted by apple scruff at 7:20 AM on May 25, 2006
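The check several answers above do by eye, comparing the host a link displays with the host its href really targets and pulling out any URL nested in the query string, as an added example that is not part of the original thread. The sample HTML is constructed from the two URLs quoted in the question, and the function names are illustrative.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample: the first anchor pairs the two URLs quoted in the question.
SAMPLE = (
    '<a href="http://mail.yahoo.com/config/login?/'
    'http://orangecounty.craigslist.org/roo/164188466.html">'
    'http://orangecounty.craigslist.org/roo/164188466.html</a> '
    '<a href="http://orangecounty.craigslist.org/roo/">'
    'http://orangecounty.craigslist.org/roo/</a>'
)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def embedded_url(href):
    """Return a URL carried inside the href's query string, or None."""
    match = re.search(r"https?://\S+", unquote(urlsplit(href).query))
    return match.group(0) if match else None

def audit(html):
    """Compare the host each link displays with the host it really targets."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        shown = host_of(text) if re.match(r"https?://", text, re.I) else ""
        actual = host_of(href)
        findings.append({"shown_host": shown, "actual_host": actual,
                         "mismatch": bool(shown) and shown != actual,
                         "embedded": embedded_url(href)})
    return findings
```

A mismatch flags a link for a closer look; the decision then rests on `actual_host`, which for the link in this thread is still a Yahoo host.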
You might have just outlasted your logged in Yahoo Mail session. Clicking on the link required you to login again, probably because of a timeout.
posted by mathowie at 7:24 AM on May 25, 2006
I'd say that this is more a bad HTML programmer than someone trying to phish your email password or addy.
Rest easy, but kudos on being paranoid. The first step in keeping yourself safe is realizing that you maybe don't know that your stuff is safe. Better to do this than shrug it off and get hacked later.
posted by plaidrabbit at 7:50 AM on May 25, 2006
It could just be the original poster cutting and pasting the wrong address for the link, too. Something I'm prone to do, unfortunately. Maybe you want to reply to the ad and ask them?
posted by redsnare at 10:25 AM on May 25, 2006
My take: Yahoo Mail is set as your default mail handler for "mailto" links in Safari. Then, the poster at craigslist made a mistake in coding the link: they put an http address within a mailto href. You click, and Yahoo Mail opens with a web page URI instead of an email address.
posted by dammitjim at 12:33 PM on May 25, 2006
Response by poster: Thanks everyone! I was a bit unsure, as I couldn't see the logic in Person A posting a link inside their Craigslist post that directs Person B to B's Yahoo inbox. All of these answers make more sense.
posted by Esther Festers at 12:37 PM on May 25, 2006
This thread is closed to new comments.
posted by Esther Festers at 2:53 AM on May 25, 2006